Health Information Management

Tip: Check on your BAs

HIM-HIPAA Insider, January 18, 2010

Add this to your HITECH checklist -- gauge your business associates’ (BAs') readiness to comply.

Make sure your BAs know they are expected to comply with the HITECH regulations. Some organizations, even this late in the game (compliance date: February 17), might not even know that they are required to be HIPAA compliant, says Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA Boot Camp in Casa Grande, AZ.

Don't just ask your BAs if they are HIPAA compliant. Ask them specific questions to gauge their readiness, such as how they will handle specific scenarios, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA. Some BAs also may not understand the full extent of what they are now required to do, says Ruelas.

For example, they might know they have new breach notification requirements but be unaware of their other responsibilities, such as notifying covered entities of a breach and meeting the technical safeguards of the HIPAA security rule.
